from the always-on-microphones dept

Well, you knew this was coming sooner or later. Reports came out this week (via the paywalled site The Information) that law enforcement in Bentonville, Arkansas issued a warrant to Amazon asking for any recordings that Amazon had from its Echo device that may have been relevant to a murder case they're working on. At issue is the Amazon Echo device owned by James Andrew Bates, who is accused of murdering Victor Collins a year ago. The key bit of information here is that Amazon refused to hand over any recordings that it might have logged, but did hand over more general information about Bates' account and purchases.

Of course, just the request for possible audio information has lots of people paying attention. This kind of thing has been predicted for ages -- now that pretty much everyone has "always on" microphones all around them in the form of either internet-of-things connected devices like the Echo, or merely your mobile phone with Apple's Siri or Google Now. The police in this case appear to be searching for any info that could be supplied by the devices that spy on us:

Police say Bates had several other smart home devices, including a water meter. That piece of tech shows that 140 gallons of water were used between 1AM and 3AM the night Collins was found dead in Bates' hot tub. Investigators allege the water was used to wash away evidence of what happened off of the patio. The examination of the water meter and the request for stored Echo information raises a bigger question about privacy. At a time when we have any number of devices tracking and automating our habits at home, should that information be used against us in criminal cases?

Bates' attorney argues that it shouldn't. "You have an expectation of privacy in your home, and I have a big problem that law enforcement can use the technology that advances our quality of life against us," defense attorney Kimberly Weber said. Of course, there's also the question of how reliable information is from smart home devices. Accuracy can be an issue for any number of IoT gadgets. However, an audio recording would seemingly be a solid piece of evidence, if released.

Amazon’s Echo (and its main competitor, the Google Home) works by passively recording everything you say. None of this information is actually sent to Amazon. Think of it more like taking notes in class — as if you’re listening but not writing anything down until your professor actually says something important. But when the Echo hears “Alexa” (or whatever your activation phrase is), it begins to actively record. That snippet of speech is then sent to Amazon’s cloud servers, where your recorded message is run through a speech-recognition neural network and a response is sent back to you, whether that’s playing a song on Spotify or giving you the weather forecast.

Amazon keeps all of the recordings of you asking Alexa to play WNYC or of you setting a timer for 20 minutes. You can jump into the Alexa companion app and hear all of your requests again if you want to see just how bored you sound when talking to your home voice robot. Sure, it’s slightly creepy — but Amazon also tracks pretty much every move you make while you’re online shopping as well.

That article also notes that Amazon has no officially stated policy about how long it keeps recordings, but there's an anecdotal suggestion that it's deleted after six months.

Of course, some people will immediately use this as a reason why no one should ever have these kinds of devices -- but that ignores that they can actually be quite useful as well. This is the trade off that we continually go through with modern technology these days. The ability to make use of certain tools and services also involves revealing certain information about you -- and then you have two potential problems: first, what does the company giving you the service do with that info and, second, what would third parties (e.g., law enforcement or hackers) like to do with that info if they could get a hold of it.

This is the kind of thing that everyone -- especially in the tech industry -- should be discussing, but seems afraid to even bring it up, for fear of scaring people off of these new devices and services. This is ridiculously short-sighted. The industry should be much more upfront about this. It should be much clearer about what information is collected, what is done with it, how long it's kept and who has access to it. Even more important is that it should give the end user full control over that data. That is, let users log in and see what information is collected and how it's been accessed. Similarly, allow the user to delete that info -- perhaps while letting them know it might impact the quality of services. By being more transparent, and giving more control to the end users, then people can actually get the benefits of some of these services, without having to worry about the problems (or at least making decisions to minimize the risk).

Amazon may have chosen not to give the info in this case (if it even had any info to give) -- and that's good. But these kinds of requests are going to keep coming. And ignoring the issue isn't going to help anyone.